Advice for a Beginner?

[Katylar]

Hi! Sorry if this is the wrong section for this post, I don't quite know where it should be. 

 

I'm a co-owner of a small startup and we maintain a small office. With that being said, our budget is limited so we've been making do with a barebones network setup and we've had a lot of issues but we've soldiered on. To give you an idea, our current setup is as follows: 1 ISP-issued modem+router-switch+AP (you know that combo box?). Like I said--barebones and pathetic.

 

Now that we have some wiggle room, we've decided to try sorting out our networking solution. We're planning to gently expand over the coming months, and we think it's high time we made sure we were using a slightly more professional setup. However, enterprise solutions are still way beyond our budget, I think. And getting a networking professional to do the planning, config, and physical wiring is also outside of our budget.

 

So it's fallen on me to do everything. I have some rudimentary knowledge on networking (some CISCO courses back in 2004-2005), and am a system builder. Although I'm sure my knowledge is miniscule compared to those who are actually qualified, I'm willing to learn and put in the hours. And we have interns who can help me with the actual wiring (and the office isn't that big).

 

So here's our setup:

• We currently have a single DSL line.
• I have some Cat6 or Cat5e stowed away somewhere. No shortage of those.
• For Phase 1 (this 2018), we have:
  • 6 desktops connected via Ethernet
  • Around 15~20 devices connected via WiFi, including 1 wireless printer and a chromecast
• For Phase 2 (probably early next year, so the network I'm planning should be able to accommodate these):
  • Addition of 10 more desktops connected via Ethernet
  • Around 20 more devices connected via WiFi
  • A NAS that all devices can access (with password)
  • And eventually perhaps a Load Balancer so we can integrate our current DSL and the Fiber line we're planning to get soon.

 

I plan to eventually setup a NAS, but that's a secondary concern. For now, I just need all the devices to be able to access the internet and maybe print.

 

I was originally planning to just buy a wireless router to attach to our modem and have everything connected to that, but that's no longer viable. So I was thinking of buying a router, 21-port Switch, and a WAP (or 2).

 

But after checking out most examples of the web, they all strongly recommend having a firewall between my modem and my router. Hardware Firewalls are exorbitantly expensive. So I did more research and found pfSense. This seems ideal, so I'm looking for some feedback. I could easily build a system from spare or 2nd-hand parts that we can use as our router+firewall if this it the case, although I'm not sure at what point it becomes more cost-effective to buy a ready-made router and/or firewall from TP-Link rather than try to DIY it using a PC (given that I'll need to spend cash on lots of RAM, I believe?)

 

Finally, I've heard about MESH. I can't quite wrap my head around this, and if I should learn and implement this topology, instead.

 

FYI: We're from Manila, Philippines. So availability of certain hardware is a concern (And thus why I'm thinking of just going the DIY PC route). Ebay and Craigslist aren't that helpful, but we do have our own online marketplaces for hardware.

 

 

[imreloadin]

8 minutes ago, Katylar said:

-snip-

Honestly, unless your startup is something computer centric (i.e. something you should know being networking), I would hire someone to create a network for you and set everything up. I know this forum is for do-it-yourself people but since this is for a business you really need to make sure everything works and that it is supported. They're the ones who know what type of solutions work best in what business needs.

 

The last thing your company needs to be worrying about during an outage is trying to troubleshoot/fix whatever hobbled together setup that was created.

Then there is the whole security aspect of it, this is something that a professional IT team would know how to address and what kind of solution would best fit your needs.

 

Again I'm not saying you don't know what you're doing and couldn't create something on your own. I'm just saying that if this is your sole source of revenue than you owe it to yourself and your employees, if you have any, to have a system in place that minimizes downtime for the business.

[jj9987]

If you want to use Fiber and DSL both, you do not need Load Balancer (if we follow terminology here). It's usually named dual WAN, however using multiple internet connections simultaneously is kinda difficult and might not give expected results. I'm pretty sure Fiber speeds might be enough, so DSL could be a backup solution (e.g. in case fiber goes down).

 

Unfortunately these require different devices. For optical connections, you need something that has respective fiber female connector. DSL uses standard RJ45/8P8C connector, however it is different from standard Ethernet, requiring you to have necessary device to do the "translating".

 

pfSense is a good option for router and firewall. As for building a system, you may be better off using server-grade parts (or even an old server), that has better redundancy and reliability than standard PC builds. pfSense also supports dual WAN and high availability setups. I would avoid using consumer-grade (e.g. TP-Link) routers, they tend to lose performance rather quickly.

 

Also you may want to consider securing your internal network, VLANs for example. For wireless, I recommend getting proper wireless access points, for example something from Ubiquiti lineup. 

 

Finally - since it is an enterprise environment, make sure you are up for the task (that you absolutely know what you are doing) and/or purchase a support plan or find someone, who knows about networking and can create a great setup for you.

[Radium_Angel]

24 minutes ago, imreloadin said:

Honestly, unless your startup is something computer centric (i.e. something you should know being networking), I would hire someone to create a network for you and set everything up. I know this forum is for do-it-yourself people but since this is for a business you really need to make sure everything works and that it is supported. They're the ones who know what type of solutions work best in what business needs.

 

The last thing your company needs to be worrying about during an outage is trying to troubleshoot/fix whatever hobbled together setup that was created.

Then there is the whole security aspect of it, this is something that a professional IT team would know how to address and what kind of solution would best fit your needs.

 

Again I'm not saying you don't know what you're doing and couldn't create something on your own. I'm just saying that if this is your sole source of revenue than you owe it to yourself and your employees, if you have any, to have a system in place that minimizes downtime for the business.

^ this.

The security issues alone will bankrupt you if you get targeted (and you *will* get targeted) 

You ready to face the wrath of the media looking to crucify someone for leaking all their customer data?

[Katylar]

Hi Everyone,

 

Thanks for your advice. To elaborate, we're a small company and our business is primarily an offline one. To reiterate, we're not looking for an enterprise-level solution, because aside from the budgetary constraints, I don't think we really need it. We're primarily a print design company (we are not a tech startup), so we don't handle consumer information/data nor do we interface with consumers at all. What we will have on the server will be our PSDs, AIs, etc., which aren't that damaging if 'leaked'.

 

We've been using this ISP-issued modem as our router and AP for the past 3 years, and although it's been frustrating sometimes whenever a phone gets disconnected or our CS:GO lanparties after hours become laggy, we've been able to work. However, I do want to integrate a NAS eventually so we can consolidated our workfiles (and give all our designers a single place to go), and being able to connect more desktops via ethernet (our modem combo has only 4 ports) are the primary reasons why we're planning to try and go for a better setup.

 

That's also why I'm hoping to get some advice and then do it on my own. So that I can learn and grow alongside our business. If--and when--we eventually expand enough to require enterprise-level stuff, then hopefully I'd be good enough to handle that, too.

[imreloadin]

2 hours ago, Katylar said:

To elaborate, we're a small company and our business is primarily an offline one.

That doesn't exist anymore, if you interact with customers, clients, etc online (whether it be email, a forum, a company website, etc) then you have some kind of online presence.

2 hours ago, Katylar said:

we don't handle consumer information/data nor do we interface with consumers at all.

Do you keep customer records? If so are those only physical (in other words paper documents in file cabinets) or do you keep electronic records as well? If you keep electronic records then where are they stored? Do you have a CRM system in place that stores records as a part of it or are things like invoices and the such kept local onsite on a hard drive?

2 hours ago, Katylar said:

What we will have on the server will be our PSDs, AIs, etc., which aren't that damaging if 'leaked'.

Do you keep any payment records for past/preset/return customers? I'm pretty sure your customers would consider it damaging if that information became public due to some kind of hack.

2 hours ago, Katylar said:

I do want to integrate a NAS eventually so we can consolidated our workfiles (and give all our designers a single place to go)

What kind of security are you setting in place to prevent your one file storage system from getting Crypto'd or hacked? What if one day an employee opens a malicious link in a seemingly normal email that causes all of you consolidated work files to be lost? That equals more time they have to spend redoing all of the work that YOU will have to then pay for while only receiving the original payment agreed upon with the client.

2 hours ago, Katylar said:

That's also why I'm hoping to get some advice and then do it on my own. So that I can learn and grow alongside our business.

Like I said before, if you have employees who depend on you for their livelihoods then you owe it to them to make sure you have a system that has been correctly set into place to protect against work-stoppages/information loss. If this isn't something that is in the budget currently then keep using your current ISP set up as that will be better than potentially misconfigured routers/firewalls/switches/etc until you can afford to have it done professionally. Learning networking is not something that is relevant to your business as you stated, please don't make the mistake of making your business into your IT playground.

2 hours ago, Katylar said:

If--and when--we eventually expand enough to require enterprise-level stuff, then hopefully I'd be good enough to handle that, too.

That right there is entirely the wrong way to think about this. If your business is successful and you expand to the point that you need enterprise level equipment please hire an IT team to do it for you.